The Biggest Threat to SMBs are Cyber Attacks


Without a doubt, the largest threat to your SMB in 2018 is a cyber attack.

It’s easy to assume that the only cyber criminals and malicious hackers prey on enterprise-level companies and major organizations. Just in the past year, we’ve seen front-page stories of Verizon, the United States government, and Equifax experiencing hacks, leaks, and data breaches. Just check out ZDNet’s list of 28 news-breaking hacks in 2017.

But it’s a dangerous mindset to think that mom and pop stores and SMBs are safe. In fact, it’s critical that all SMBs invest in some form of cybersecurity in 2018.

Why SMBs are Targeted by Cyber Criminals

“Why would a cyber criminal target me, a small business, when they could hit a fortune 500 company?”

Why did Butch Cassidy and the Sundance Kid eventually abandon the lucrative train robberies of the Union Pacific Railroad? Powerful and resourced companies quickly learn to invest in security. Today, large companies are heavily investing in complex and difficult cyber security.

“If he’d just pay me what he’s spending to make me stop robbing him, I’d stop robbing him.”

— “Butch Cassidy and the Sundance Kid”

And when the security gets tough—like “who are those guys?” tough—criminals focus on easier targets. Butch Cassidy and the Sundance Kid rob the less organized and resourceful banks in Bolivia, and today’s cyber criminals focus on SMBs.

SMBs don’t have the nagging fear that they’ll experience hacks, leaks, and data breaches. And most importantly, SMBs don’t have the money or resources to invest in security.

The Unsettling State of SMB Cybersecurity in 2018

Essentially, most SMBs are sleeping with their business doors unlocked. Actually, sleeping with their company doors wide open is a more accurate metaphor. In Penemon Institute’s 2017 survey of 600 individuals in companies with less than 100 to 1,000 employees, the results are horrifying.

“61 percent of these respondents say their companies have experienced a cyber attack in the past 12 months, and 54 percent they have had data breaches involving customer employee information in the past 12 months. In the aftermath of these incidents, these companies spent an average of $1,027,053 because of damage or theft of IT assets. In addition, the disruption to normal operations cost an average of $1,207,965.”

Penemon Institute 2017 Study

The likelihood of your SMB having a cyber attack in 2018 is over 50%.

The likelihood of your SMB having a data breach in 2018 is over 50%.

And when you see that the average costs in damages to companies is millions of dollars, why wouldn’t you pay someone or some company to help you fortify your cyber defenses?

3 Steps for SMB Cybersecurity

#1. HTTP vs. HTTPS

Most attacks run over open ports on the internet—i.e. 80 (HTTP). These open ports are dangerous because web surfers can search and discover weak code.

One helpful solution to prevent discovery of weak codes is to use 443 (HTTPS). The “S” at the end of HTTPS stands for secure. For example, when you’re looking at sensitive information, like your bank account, your bank will use the more secure HTTPS.

How can your company make the switch? HTTPS requires an SSL certificate, which should be offered through your hosting provider. For example, if you use Amazon Web Service, you’d look at AWS’s process for an SSL certificate.

#2. Secure WiFi

Is your WiFi set up correctly? It’s a basic questions, but many security attacks—like a man-in-the middle—result from SMBs failings to correctly set up their WiFi. If you’re not sure who set up your WiFi, get an expert to make sure.

While you’re at it, protect customers and employees using the WiFi by implementing a wireless intrusion prevention system (WIPS). (But don’t be the home owner that spends thousands of dollars on a security system and fails to turn it on.) Assign an experienced employee or professional to regularly monitor your company WIPS to detect intruders and proactively update your network settings.

#3. BYOD Security

BYOD (bring-your-own-device) poses an important security risk for businesses. To better protect sensitive information and communication within your business, create two secure WiFis.

  • A WiFi for guests and personal devices
  • A WiFi strictly for secure company devices

Again, the trick is the follow-through. Strictly monitor these WiFis to make sure that guests and the personal devices of employees aren’t using the WiFi for the company. Monitor and explain to employees why they can’t connect their personal devices to the designated company WiFi. And to increase the security of your company WiFi and prevent personal devices from connecting, have additional measures of security like an intricate password and two-step verification.

Invest in Cybersecurity

These three tips are basic. They’re a great place to start if you’re just tackling this threat, but if you want to protect your company—you’ll need to do a lot more than these three steps.

The theme of this article is perhaps investing in people with IT security expertise. You can invest in software, but unless you have someone updating, monitoring, and enforcing security procedures, all the software in the world won’t do your company much good. We’re past the days of checking off the “security” box by installing a Norton AntiVirus software on every employee computer.

Statistics show that your company will be attacked sometime in the near future. So invest in a cybersecurity that can potentially save you millions of dollars by bringing in an expert or a team of trained experts, invest in your current IT staff, or hire an experienced managed security service to secure your business.